Privacy Policy

Last updated: January 2026

Introduction

Hindsight ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical portfolio management service.

We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

Personal Information

We may collect the following personal information:

  • Name and professional credentials (e.g., GMC number)
  • Email address
  • Professional information (specialty, grade, place of work)
  • Account credentials
  • Payment information (processed securely through our payment provider)

Portfolio Data

When you use our service, we collect and store:

  • CPD entries and reflections
  • Significant event analyses
  • Personal development plans
  • Appraisal preparation documents
  • Writing style samples (used to personalise AI assistance)

Technical Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Usage data and analytics

How We Use Your Information

We use your information to:

  • Provide and maintain our service
  • Personalise AI-generated content to match your writing style
  • Process payments and manage your subscription
  • Send important service updates and notifications
  • Improve our service through aggregated analytics
  • Respond to your enquiries and provide customer support
  • Comply with legal obligations

Legal Basis for Processing

We process your personal data based on:

  • Contract: Processing necessary to provide our service to you
  • Legitimate interests: To improve our service and communicate with you
  • Consent: Where you have given explicit consent
  • Legal obligation: Where required by law

Data Storage and Security

Your data is stored on secure servers located within the United Kingdom and European Economic Area. We implement industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Strict access controls and authentication
  • Regular backups with secure storage

AI and Your Data

Our AI features are designed with privacy in mind:

  • Your writing samples are used only to personalise your experience
  • We do not use your data to train general AI models
  • AI-generated content is created specifically for you and is not shared
  • You can request deletion of your style profile at any time

Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: Who help us operate our service (hosting, payment processing)
  • Legal authorities: When required by law or to protect our rights

All third-party service providers are contractually bound to protect your data and use it only for specified purposes.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. You can request deletion of your account and associated data at any time.

Certain data may be retained for longer periods where required by law (e.g., financial records for tax purposes).

Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of data processing
  • Portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise any of these rights, please contact us at privacy@hindsight.health.

Cookies

We use essential cookies to provide our service and optional analytics cookies to understand how our service is used. You can manage your cookie preferences through your browser settings.

Children's Privacy

Our service is intended for medical professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our service. The updated policy will be effective when posted.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

By using Hindsight, you acknowledge that you have read and understood this Privacy Policy. For our complete terms, please see our Terms of Use.